diff options
| author | makefu <github@syntax-fehler.de> | 2014-03-17 07:51:03 +0100 |
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2014-03-17 07:51:03 +0100 |
| commit | 1fa15dd59e7dc58f4331305b9f401d3aabfa53cd (patch) | |
| tree | 6e4ee2f1096652276b86f4b9334fa06aafdb38bf /filehooker/root-image | |
| parent | 536bfe6d1e3cce27b6a84d4c19f7feafac690b53 (diff) | |
filehooker: initial commit
using archiso magic scripts
Diffstat (limited to 'filehooker/root-image')
35 files changed, 903 insertions, 0 deletions
diff --git a/filehooker/root-image/etc/fstab b/filehooker/root-image/etc/fstab new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/filehooker/root-image/etc/fstab diff --git a/filehooker/root-image/etc/hostname b/filehooker/root-image/etc/hostname new file mode 100644 index 00000000..ef8963cd --- /dev/null +++ b/filehooker/root-image/etc/hostname @@ -0,0 +1 @@ +filebitch diff --git a/filehooker/root-image/etc/locale.conf b/filehooker/root-image/etc/locale.conf new file mode 100644 index 00000000..01ec548f --- /dev/null +++ b/filehooker/root-image/etc/locale.conf @@ -0,0 +1 @@ +LANG=en_US.UTF-8 diff --git a/filehooker/root-image/etc/pam.d/su b/filehooker/root-image/etc/pam.d/su new file mode 100644 index 00000000..a2910423 --- /dev/null +++ b/filehooker/root-image/etc/pam.d/su @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth sufficient pam_wheel.so trust use_uid +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so diff --git a/filehooker/root-image/etc/sudoers.d/g_wheel b/filehooker/root-image/etc/sudoers.d/g_wheel new file mode 100644 index 00000000..8c45359f --- /dev/null +++ b/filehooker/root-image/etc/sudoers.d/g_wheel @@ -0,0 +1 @@ +%wheel ALL=(ALL) NOPASSWD: ALL diff --git a/filehooker/root-image/etc/systemd/scripts/choose-mirror b/filehooker/root-image/etc/systemd/scripts/choose-mirror new file mode 100755 index 00000000..0ae08067 --- /dev/null +++ b/filehooker/root-image/etc/systemd/scripts/choose-mirror @@ -0,0 +1,26 @@ +#!/bin/bash + +get_cmdline() { + local param + for param in $(< /proc/cmdline); do + case "${param}" in + $1=*) echo "${param##*=}"; + return 0 + ;; + esac + done +} + +mirror=$(get_cmdline mirror) +[[ $mirror = auto ]] && mirror=$(get_cmdline archiso_http_srv) +[[ $mirror ]] || exit 0 + +mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig +cat >/etc/pacman.d/mirrorlist << EOF +# +# Arch Linux repository mirrorlist +# Generated by archiso +# + +Server = ${mirror%%/}/\$repo/os/\$arch +EOF diff --git a/filehooker/root-image/etc/systemd/system/choose-mirror.service b/filehooker/root-image/etc/systemd/system/choose-mirror.service new file mode 100644 index 00000000..1e4d771d --- /dev/null +++ b/filehooker/root-image/etc/systemd/system/choose-mirror.service @@ -0,0 +1,10 @@ +[Unit] +Description=Choose mirror from the kernel command line +ConditionKernelCommandLine=mirror + +[Service] +Type=oneshot +ExecStart=/etc/systemd/scripts/choose-mirror + +[Install] +WantedBy=multi-user.target diff --git a/filehooker/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount b/filehooker/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount new file mode 100644 index 00000000..4eab5513 --- /dev/null +++ b/filehooker/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount @@ -0,0 +1,8 @@ +[Unit] +Description=Temporary /etc/pacman.d/gnupg directory + +[Mount] +What=tmpfs +Where=/etc/pacman.d/gnupg +Type=tmpfs +Options=mode=0755 diff --git a/filehooker/root-image/etc/systemd/system/filehooker-hostname.service b/filehooker/root-image/etc/systemd/system/filehooker-hostname.service new file mode 100644 index 00000000..67879d82 --- /dev/null +++ b/filehooker/root-image/etc/systemd/system/filehooker-hostname.service @@ -0,0 +1,11 @@ +[Unit] +Description=change filehooker hostname +Before=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/krebs/bin/filehooker_set_hostname.sh + +[Install] +WantedBy=multi-user.target diff --git a/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf b/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf new file mode 100644 index 00000000..d1d8474c --- /dev/null +++ b/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux diff --git a/filehooker/root-image/etc/systemd/system/pacman-init.service b/filehooker/root-image/etc/systemd/system/pacman-init.service new file mode 100644 index 00000000..23b81445 --- /dev/null +++ b/filehooker/root-image/etc/systemd/system/pacman-init.service @@ -0,0 +1,15 @@ +[Unit] +Description=Initializes Pacman keyring +Wants=haveged.service +After=haveged.service +Requires=etc-pacman.d-gnupg.mount +After=etc-pacman.d-gnupg.mount + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/pacman-key --init +ExecStart=/usr/bin/pacman-key --populate archlinux + +[Install] +WantedBy=multi-user.target diff --git a/filehooker/root-image/etc/systemd/system/tor-announce.service b/filehooker/root-image/etc/systemd/system/tor-announce.service new file mode 100644 index 00000000..818a5c4c --- /dev/null +++ b/filehooker/root-image/etc/systemd/system/tor-announce.service @@ -0,0 +1,11 @@ +[Unit] +Description=Announce Tor Hidden Address +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/krebs/bin/tor_announce.ship + +[Install] +WantedBy=multi-user.target diff --git a/filehooker/root-image/etc/udev/rules.d/81-dhcpcd.rules b/filehooker/root-image/etc/udev/rules.d/81-dhcpcd.rules new file mode 100644 index 00000000..1c4053c0 --- /dev/null +++ b/filehooker/root-image/etc/udev/rules.d/81-dhcpcd.rules @@ -0,0 +1 @@ +ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="en*|eth*", ENV{SYSTEMD_WANTS}="dhcpcd@$name.service" diff --git a/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship b/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship new file mode 100755 index 00000000..62d3b4f7 --- /dev/null +++ b/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship @@ -0,0 +1,15 @@ +#!/usr/bin/env ship +#TODO waiting for ship2 +#@info +#@strict +set -euf +#@include filehooker +. /krebs/lib/filehooker + +dc_hub="adcs://elch.nsupdate.info:2781" +nick="$(cat /etc/hostname)" + +ncdc_install + +ncdc_configure_nick "$nick" +ncdc_configure_hub "$dc_hub" diff --git a/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship b/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship new file mode 100755 index 00000000..f45ffeac --- /dev/null +++ b/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship @@ -0,0 +1,7 @@ +#!/bin/sh +#@info +#@strict +#@include filehooker +#for i in $(prepare_netshares) ;do + #ncdc_configure_netshare "$i" "${i##*/}" +#done diff --git a/filehooker/root-image/krebs/bin/filehooker_set_hostname.sh b/filehooker/root-image/krebs/bin/filehooker_set_hostname.sh new file mode 100755 index 00000000..cb9b0170 --- /dev/null +++ b/filehooker/root-image/krebs/bin/filehooker_set_hostname.sh @@ -0,0 +1,5 @@ +#!/usr/bin/bash +hostn="filehooker$RANDOM" +echo "$hostn" > /etc/hostname +hostname $hostn + diff --git a/filehooker/root-image/krebs/bin/tor_announce.ship b/filehooker/root-image/krebs/bin/tor_announce.ship new file mode 100755 index 00000000..bf9d58dc --- /dev/null +++ b/filehooker/root-image/krebs/bin/tor_announce.ship @@ -0,0 +1,17 @@ +#!/bin/sh +#@include core +. /krebs/lib/core +#@include network +. /krebs/lib/network +#@include tor +. /krebs/lib/tor + +test -w "$torrc" || ( error "$torrc is not writable!"; exit 1 ) || exit 1 + +configure_hidden_service +test ! -e $hidden_service_dir/hostname && \ + info "hidden service file does not exist, restarting tor" && \ + systemctl restart tor && \ + sleep 1 + +cat $hidden_service_dir/hostname | send_irc diff --git a/filehooker/root-image/krebs/bin/tor_publish_ssh.ship b/filehooker/root-image/krebs/bin/tor_publish_ssh.ship new file mode 100755 index 00000000..2ecee9fb --- /dev/null +++ b/filehooker/root-image/krebs/bin/tor_publish_ssh.ship @@ -0,0 +1,12 @@ +#!/usr/bin/env ship +#@include core +. /krebs/lib/core +#@include network +. /krebs/lib/network +#@include tor +. /krebs/lib/tor + +test -w "$torrc" || ( error "$torrc is not writable!"; exit 1 ) || exit 1 + +configure_hidden_service +cat $hidden_service_dir/hostname | send_irc diff --git a/filehooker/root-image/krebs/etc/authorized_keys b/filehooker/root-image/krebs/etc/authorized_keys new file mode 100644 index 00000000..f7458157 --- /dev/null +++ b/filehooker/root-image/krebs/etc/authorized_keys @@ -0,0 +1,5 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7YrLdnXDRU2XEdZDu1BmgiT0Vaxplf3bfvSm+5o3g4AcR2yCv7h2D633c9uA0gq52EJ3V5m8B1ZcxqA0zqDptKwx+ZTMUGDls7StH5xpJyk9j5gf8DzyDLQPQG2IYszCH+8esKjo3BOFxfey8NaX+k6gvQsG3lyV0PjLvvIy4gDuMn6dPZfVAlwNYFOUNgwpku3W3A0d+UFyVjt3/sgZxM+8C3y6QE1gwT5/NfBbHM5vaEqjHcVq1ui+7a4iOXFGKkZDcd7EX6cQZSbCzZL7sZ0OmB1WpAsDCvIXfzX1YfNA0sso7ldSF6ZUGNgwEk1LootnQlCK/dfbM+i62SZ+1 tv@iiso +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv9TTt4FkzT3jlQ0VS2tX/GpQO9Ef0wIQ+g96foe4qSniBwR667T1gIhURrod/p7N9oQcWRrNohjgmSBZRYA0kW6ZyqYJkLvRv54nXv6j/8Xq2nG/KVfDqL0kp8if+JGeFlQElpWJiAbGifYkopFy69QiLYU2ndR7aPbx+5qm/dcwPJ7K+n6dyePynCZadtcabm3PuBFUxGLdT9ImDXMOPfXxPMlN/3eb78byuEuHnhCIvIGLMBGx+8QTXvu7kHpZObvkbsF1xjVs9fDpwVLjh7GWdwf3BZ/agFlI24ffyqCPFnuaxUVyfUZeqf4twRsIZkTTB47lHDhYiVkyGe8gd root@pigstarter.de +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== death@uriel +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/mUvSqIroFofp8a+nL6TBgAVvIk8IvFeOsHnRQsvhZX8ddk1+JICipsGwqsT2wRAk9rhcnLU/OdF+PXvykztNa1x4XxNACKnLfWBMk/VGadUkCwsdIwuu80nQfaEz5vNrjgNLfCaNoUa6sg0A2eyyuWH/vruPyfPJNDXA/ZQdXxJCSSfZUnIFW4qjAf4hZ+TK1CY7xECZQ3r+aqhJmSFe3T+ul5ZQLl6fmHP4oTf7sFNV4/fHY8RMxCPMztdyUJc3HB5MhI94VytjXuTSBDAgi5567bH1j1aBco4mAezfgHZy2eqeNVzYmFM/cVGEqyRIjokGYa72ZuGZ5Y58HjVDL8olweUVqOm11ref8+tBovyrHzjNKn6YiiMPYb0j03vBecqZYDA6n24s2WgEniL5WALhi5Y1NgUo1W9WDefhA2xC7p9xSy8kxs1UJH6g9U8SuHY2geJ/dYf3jixB3q/PwAfntejPkX1Pwy+rBVirA1vYIYgOWeifUyq6tYHxVo/kVEbyYkE1B6pBGwRdsWDwT3y02DO3OZFq9QX/0zkJtv2lkMR0LDk8WjZjilfqs1UivDCNY3ZQF+SOvUzeAkQFWSSU+yKlZOGPWcqNUVw8SQCw5/doIKjIclekWJ9KSD1VjTImx2oqYNqOa0kfvX+4cU+ECI1daCR6cjYiuizBIQ== pedro diff --git a/filehooker/root-image/krebs/lib/_punani_db b/filehooker/root-image/krebs/lib/_punani_db new file mode 100644 index 00000000..e5bf15b1 --- /dev/null +++ b/filehooker/root-image/krebs/lib/_punani_db @@ -0,0 +1,57 @@ +_punanidb_pacman_= +_punanidb_yum_= +_punanidb_aptget_= + +_punanidb_pacman_git=git +_punanidb_yum_git=git +_punanidb_aptget_git=git-core + +_punanidb_pacman_python2=python2 +_punanidb_yum_python2=python +_punanidb_aptget_python2=python + +_punanidb_pacman_python3=python +_punanidb_aptget_python3=python3 + +_punanidb_pacman_pip2=python2-pip +_punanidb_aptget_pip2=python-pip + +_punanidb_pacman_virtualenv=python-virtualenv +_punanidb_aptget_virtualenv=python-virtualenv + +_punanidb_pacman_gpp=g++ +_punanidb_aptget_gpp=gcc + +_punanidb_pacman_python2_dev=python2 +_punanidb_aptget_python2_dev=python-dev + +_punanidb_pacman_hostname=inetutils +_punanidb_aptget_hostname=hostname + +_punanidb_pacman_hostname=inetutils +_punanidb_aptget_hostname=hostname + +_punanidb_pacman_make=make +_punanidb_yum_make=make +_punanidb_aptget_make=make + +_punanidb_pacman_tinc=tinc +_punanidb_yum_tinc=tinc +_punanidb_aptget_tinc=tinc + +_punanidb_pacman_zsh=zsh +_punanidb_yum_zsh=zsh +_punanidb_aptget_zsh=zsh + +_punanidb_pacman_tor=tor +_punanidb_yum_tor=tor +_punanidb_aptget_tor=tor + +_punanidb_pacman_nano=nano +_punanidb_yum_nano=nano +_punanidb_aptget_nano=nano + +_punanidb_pacman_vim=vim +_punanidb_yum_vim=vim-enhanced +_punanidb_aptget_vim=vim + diff --git a/filehooker/root-image/krebs/lib/color b/filehooker/root-image/krebs/lib/color new file mode 100644 index 00000000..cec2044e --- /dev/null +++ b/filehooker/root-image/krebs/lib/color @@ -0,0 +1,7 @@ +# superseed logging with color +green='\e[0;32m' +red='\e[0;31m' +nc='\e[0m' +msg() { printf "$*\n" >&2; } +info() { msg "$green$*$nc"; } +error() { msg "$green$*$nc"; } diff --git a/filehooker/root-image/krebs/lib/core b/filehooker/root-image/krebs/lib/core new file mode 100644 index 00000000..0c321525 --- /dev/null +++ b/filehooker/root-image/krebs/lib/core @@ -0,0 +1,80 @@ +# logging +msg() { echo "$*" >&2; } +info() { msg "** $*"; } +error() { msg "!! $*"; } +## usage: die [REASON...] +die() { + test $# -gt 0 && error "$*" + error 'Bailing out.' + exit 1 +} +exists(){ + type "$1" >/dev/null 2>/dev/null; +} + +is_root(){ + test $(id -u) -eq 0 +} + +defer(){ + #close enough + trapstr="$1;${trapstr:-exit}" + trap "$trapstr" INT TERM EXIT KILL +} + +esudo(){ + # weaksauce esudo (expect sudo) + if ! is_root; then + # for the record: + # exec sudo -E "$0" "$@" + error "You are not root enough for this script" + exit 23 # go to hell + fi +} + +get_hostname(){ + # finds the current hostname + # if ENV HOSTN is set echo $HOSTN + # We try the following: + # $HOSTN + # $HOSTNAME + # hostname + # uci system.hostname + # /etc/hostname + # if everything fails, it returns 1 and prints 'unknown' + + if [ -n "${HOSTN:-}" ] ; then printf "${HOSTN:-}" + elif [ -n "${HOSTNAME:-}" ] ;then printf "$HOSTNAME" + elif exists hostname ; then printf "$(hostname)" + elif exists uci ; then printf "$(uci get system.@system[0].hostname)" + elif [ -e /etc/hostname ] ;then printf "$(cat /etc/hostname)" + else printf "unknown"; return 1 + fi + return 0 +} + +line_to_dot(){ + while read line; do printf .; done; +} + +get_os(){ + # TODO: find all the release files + #if grep -q 'Linux' /etc/*release 2>/dev/null || grep -qe 'Linux' /etc/issue 2>/dev/null; then + if grep -q 'Linux' /etc/lsb-release 2>/dev/null || grep -q 'Linux' /etc/issue 2>/dev/null; then + echo 'linux' + elif test -e /etc/preferred-apps/google.xml; then + echo 'android' + elif test -e /etc/openwrt_release; then + echo 'openwrt' + elif uname -s | grep -qi 'darwin'; then + echo 'osx' + else + warn "Cannot determine your operating system, falling back to Linux" + echo 'linux' + fi +} + +# user management +has_user(){ + egrep "^$1:" /etc/passwd >/dev/null +} diff --git a/filehooker/root-image/krebs/lib/filehooker b/filehooker/root-image/krebs/lib/filehooker new file mode 100644 index 00000000..18376465 --- /dev/null +++ b/filehooker/root-image/krebs/lib/filehooker @@ -0,0 +1,119 @@ +#@include core +. /krebs/lib/core +#@include network +. /krebs/lib/network +ncdc_user=${ncdc_user:-hooker} +ncdc_bin=${ncdc_bin:-/usr/bin/ncdc} + +ncdc_config(){ + # maybe we want to use the running ncdc process and communicate via tmux send-keys ? + (sleep 1;cat;printf "/quit\n") | sudo -u $ncdc_user "$ncdc_bin" +} + +ncdc_configure_netshare(){ + : "${1?provide path to share}" + rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom` + rnd_name="${2:-share_$rnd}" + info "adding share" + (echo "/share $rnd_name $1") | ncdc_config +} + +ncdc_configure_nick(){ + nick=${1?nick must be provided} + info "configuring DC Nick: $nick" + echo "/nick $nick" | ncdc_config +} +ncdc_configure_hub(){ + rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom` + hubname="hub_$rnd" + hub=${1?adcs://localhost:2781} + info "configuring DC Hub: $hub, activating autconnect" + info "setting active as true" + (echo "/open ${hubname} ${hub}" ; + echo "/hset autoconnect true") | ncdc_config +} + +ncdc_download(){ +install_dir="$(dirname "${ncdc_bin}")" +info "installing ncdc to $install_dir" +curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | tar xz -C "$install_dir" +} +ncdc_install(){ +useradd -m $ncdc_user ||: +} + +ncdc_autostart(){ +# only systemd +# punani install tmux +cat > /etc/systemd/system/ncdc@.service <<EOF +[Unit] +Description=ncdc +Requires=network.target local-fs.target + +[Service] +Type=oneshot +RemainAfterExit=yes +KillMode=none +User=%I +ExecStart=/usr/bin/tmux new-session -s dcpp -n ncdc -d ncdc +ExecStop=/usr/bin/tmux send-keys -t dcpp:ncdc "/quit" C-m + +[Install] +WantedBy=multi-user.target +EOF +systemctl enable ncdc@$ncdc_user +} + +# 20gig in bytes +min_netshare_size=${min_netshare_size:-20000000000} +get_disksize(){ +fdisk -l ${1?provide disk} | grep '^Disk ' | cut -d\ -f 5 +} + +prepare_netshares(){ + count=0 + fdisk -l | grep '^Disk ' | egrep '(/dev/sd|/dev/hd)' | cut -d\ -f 2 | tr -d : | while read disk;do + size=$(get_disksize $disk) + if test "$size" -gt "$min_netshare_size"; + then + info "using $disk with $size bytes" + dd if=/dev/zero of=$disk bs=1M count=1 >/dev/null + sleep 1 + (printf "o\nn\np\n\n\n\nw\n\n") |fdisk $disk >/dev/null ||: + #partprobe $disk + mkfs.btrfs -f ${disk}1 >/dev/null + uuid="$(blkid ${disk}1 -o value | head -n 1)" + mountpoint="/media/vag${count}" + mkdir -p "$mountpoint" + echo "UUID=$uuid $mountpoint btrfs rw,relatime,space_cache 0 0" >> /etc/fstab + echo "$mountpoint" + : $((count++)) + else + info "skipping $disk" + fi + done +} +install_tor_announce(){ +# systemd only +info "writing tor_announce.service" +cat > /etc/systemd/system/tor_announce.service<<EOF +[Unit] +Description=Announce Tor Hidden Address +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/tor_announce + +[Install] +WantedBy=multi-user.target +EOF +info "writing tor_announce to /usr/bin/tor_announce" +printf '#!/bin/sh\nsleep 20\n' > /usr/bin/tor_announce +http_get conf.krebsco.de/tor_publish_ssh >> /usr/bin/tor_announce +chmod +x /usr/bin/tor_announce +info "enable tor_announce" +systemctl enable tor_announce +systemctl start tor_announce +} diff --git a/filehooker/root-image/krebs/lib/iso b/filehooker/root-image/krebs/lib/iso new file mode 100644 index 00000000..0776d796 --- /dev/null +++ b/filehooker/root-image/krebs/lib/iso @@ -0,0 +1,7 @@ +get_volid(){ + #returns the volume id of the iso given + # is needed for remastering the archlinux iso + + #punani install genisoimage + isoinfo -d -i "${1?path to iso must be given}" | grep "^Volume id:" | cut -d: -f 2 |xargs +} diff --git a/filehooker/root-image/krebs/lib/krebs b/filehooker/root-image/krebs/lib/krebs new file mode 100644 index 00000000..e47031d6 --- /dev/null +++ b/filehooker/root-image/krebs/lib/krebs @@ -0,0 +1,16 @@ +#@include core +krebs_pubkeys="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7YrLdnXDRU2XEdZDu1BmgiT0Vaxplf3bfvSm+5o3g4AcR2yCv7h2D633c9uA0gq52EJ3V5m8B1ZcxqA0zqDptKwx+ZTMUGDls7StH5xpJyk9j5gf8DzyDLQPQG2IYszCH+8esKjo3BOFxfey8NaX+k6gvQsG3lyV0PjLvvIy4gDuMn6dPZfVAlwNYFOUNgwpku3W3A0d+UFyVjt3/sgZxM+8C3y6QE1gwT5/NfBbHM5vaEqjHcVq1ui+7a4iOXFGKkZDcd7EX6cQZSbCzZL7sZ0OmB1WpAsDCvIXfzX1YfNA0sso7ldSF6ZUGNgwEk1LootnQlCK/dfbM+i62SZ+1 tv@iiso +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv9TTt4FkzT3jlQ0VS2tX/GpQO9Ef0wIQ+g96foe4qSniBwR667T1gIhURrod/p7N9oQcWRrNohjgmSBZRYA0kW6ZyqYJkLvRv54nXv6j/8Xq2nG/KVfDqL0kp8if+JGeFlQElpWJiAbGifYkopFy69QiLYU2ndR7aPbx+5qm/dcwPJ7K+n6dyePynCZadtcabm3PuBFUxGLdT9ImDXMOPfXxPMlN/3eb78byuEuHnhCIvIGLMBGx+8QTXvu7kHpZObvkbsF1xjVs9fDpwVLjh7GWdwf3BZ/agFlI24ffyqCPFnuaxUVyfUZeqf4twRsIZkTTB47lHDhYiVkyGe8gd root@pigstarter.de +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7df1RfMGNHPJe0iF6rD9DBs/4VujN6nNr7RbRCFk7HF/JzLXSn9Vcwk+3JefP4/d/bUo0h03rhQaRohDhBScrJidj2YacF6gmZOuTf3AMWprdz9D/1dDkN/ytwzGhADhqbHEWeomIllsa8Up4PvEeDcIHJGzYvuc0BbGqRk0XgxwqIrLAhdpTfEKaTbt7IzmUqEofxThTZ/4k020PKn2WDBWKQYGZJ9Ba2WzlKUXWx842ncW29oxC2faRz4M3eMPy0JMpBLkK9U3dccE75dgT/89/4ofVjM7+J3FOP3dgXzrtk+A5aN5a/veJUViQ9xdGxXvoa++iCr5q/BVRv0Bb sammy@muhbaasu.de +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOIRWLC4ESCDxjyoJUqaUNC8ZDiE4UICZk3cbDptdtendTQvjSXz0RW6MWhJ+F6wWZntL1EibKn8djax1tzgcvNASCUEtGey/850IzBIrETs+WQDRjV2QqBKWxVaQPIFjw2V3vFSKKNxq01qznVBY510DIf4+0WR8b1ZPD/XbuyQLGYM3N7dP4JQSnnNAgtyutBKdomWfT18hW1lLjkP8h1IOiC03HxXTYX+nMUiLDff3D5GT5u3Ke2+VigXjz4Ue8rVsOg/zgqrwEAfx8o1q83uSB23oqUqWkqlxOC/4QY5kpdNqW/Iz89zHibp5ZceHd2ZSoGefv7UZM0lRIDHjJ retiolum@ire +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3+2vSwiJoIpHpnkw4SslPrlR6/z43nZ7s1tGXkkNnVDB2uzxMaISNRjSk0GgXpDx4hLEi6074hSvv5JWbUuMyKr9n6GVVeYNCjsiPcRkL3d7zDwFwqyndhVeWgmpuylYx4XKIbTvpBVyG3CRT1+D4apVUgiDa9lVfjBk7/ESxBzt0dXtlJEzQBBoCo0C8jeeIpvZKbq1zeM9wvLsgFaT7fsSxrg5BEb/tQl6pbkykWFXbzzd91liEQaSqai7Ux2355ZXGANQBCTglKhdTcir0RuHNtQGrZHBxL9qVfJjJJNZg1b6UAhDanqE/HyOI3sp6LGBvpW5afLKOdj9ppQQN retiolum@nomic +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== death@uriel" + +authorized_keys_file="${authorized_keys:-$HOME/.ssh/authorized_keys}" +deploy_krebs_pubkeys(){ +info "deploying pubkeys in $authorized_keys_file" +mkdir -p "$(dirname "$authorized_keys_file")" +printf "$krebs_pubkeys\n" >> "$authorized_keys_file" + +} diff --git a/filehooker/root-image/krebs/lib/network b/filehooker/root-image/krebs/lib/network new file mode 100644 index 00000000..df2ae153 --- /dev/null +++ b/filehooker/root-image/krebs/lib/network @@ -0,0 +1,100 @@ +#@include core +. /krebs/lib/core + +# TODO refactor this +which_get_loader(){ + if ! exists curl ; then + if ! exists wget ; then + warn "Please install curl or wget" + return 1 + else + echo "wget -q -O-" + fi + else + echo "curl -L -s" + fi + return 0 +} + +which_head_loader(){ + if ! exists curl ; then + if ! exists wget ; then + warn "Please install curl or wget" + return 1 + else + echo "wget -O- --spider -S -q" + fi + else + echo "curl -L -I -s" + fi + return 0 +} + +http_get(){ + eval "$(which_get_loader)" "${1?please provide url}" +} +http_head(){ + eval "$(which_head_loader)" "${1?please provide url}" 2>&1 +} + +internet(){ + secret=$(http_get http://krebsco.de/secret 2>/dev/null) + if [ "$secret" = "1337" ]; then + return 0 + else + echo "cannot load secret or secret incorrect" >&2 + return 1 + fi +} + +which_telnet(){ + # find Telnet or similar and executes it at the end + # requires exist + # if env TELNET is set, will be trying to run this + # Tries the following things: + # telnet + # nc + # netcat + # busybox telnet + if [ -e "${TELNET:-does_not_exist}" ]; then + info "Will be using $TELNET as Telnet Client" + echo $TELNET + elif exists telnet ;then + command -v telnet + elif exists nc ;then + command -v nc + elif exists netcat;then + command -v netcat + elif exists busybox;then + echo `command -v busybox` telnet + else + die 'Cannot find telnet binary, please install either telnet-client or busybox or netcat or provided TELNET environment.' + fi +} + +run_telnet(){ + host="$1" + port="$2" + $(which_telnet) "$host" "$port" +} + +send_irc(){ + ## reads from stdin, writes to IRC + ## + ## requires func: exists() anytelnet() + if [ -z "${HOSTN:-}" ]; then + HOSTN="$(get_hostname)" + info "no HOSTN given, using $HOSTN instead" + fi + IRCCHANNEL=${IRCCHANNEL:-"#krebs_incoming"} + IRCSERVER=${IRCSERVER:-"irc.freenode.net"} + IRCPORT=${IRCPORT:-6667} + NICK="${HOSTN}_$(head /dev/urandom | tr -dc "0123456789" | head -c3)" + info "starting irc connect as $NICK" + ( echo "NICK $NICK"; + echo "USER $NICK $IRCSERVER bla : $NICK"; + echo "JOIN $IRCCHANNEL"; + sleep 23; + while read line; do echo "PRIVMSG $IRCCHANNEL :$line";sleep 1;done + sleep 5; ) | run_telnet $IRCSERVER $IRCPORT 2>/dev/null +} diff --git a/filehooker/root-image/krebs/lib/punani b/filehooker/root-image/krebs/lib/punani new file mode 100644 index 00000000..4338d19d --- /dev/null +++ b/filehooker/root-image/krebs/lib/punani @@ -0,0 +1,99 @@ +#@include core +#@include _punani_db + +## usage: punani_has PACKAGE +punani_has() { + eval "_punani_${PACKER}_has \"\$1\"" +} + +## usage: punani_owner PACKAGE +punani_owner() { + eval "_punani_${PACKER}_owner \"\$1\"" +} + +## usage: punani_install PACKAGE +punani_install() { + eval "_punani_${PACKER}_install \"\$1\"" +} + +## usage: punani_remove PACKAGE +punani_remove() { + eval "_punani_${PACKER}_remove \"\$1\"" +} + +## usage: _punani_resolve_package PKGNAME +_punani_resolve_package(){ + eval "set -u; echo \"\${_punanidb_${PACKER}_$1}\"" 2>/dev/null +} + +## usage: _punani_select_packer +_punani_select_packer() { + for p in ${_punani_known_packers:-null}; do + exists $p && info "using $p" && PACKER=`echo $p | tr -d -` && break + done +} +_punani_known_packers='pacman apt-get yum brew' +_punani_pacman_install(){ pacman --noconfirm -S --needed "$@" ;} +_punani_pacman_remove(){ pacman --noconfirm -Rcs "$@" ;} +_punani_pacman_has(){ pacman -Q "$1" >/dev/null;} +_punani_pacman_owner() { pacman -Qo "$1"; } +_punani_aptget_install(){ apt-get -y install "$@" ;} +_punani_aptget_remove(){ apt-get -y remove "$@" |